DETAILED ACTION

1. Claims 1-24 are presented for examination.



EXAMINER'S AMENDMENT 

2. An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the
payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview with 
Jim Sprowl, Reg. No. 25,061, on July 25, 2006. 



3. The application has been amended as follows: 

1. (Currently amended) A server-based, computer implemented method for detecting and
neutralizing invalid server-supplied data received from clients comprising the following steps;

performed following a server's receipt of a request for services from a client which
request is accompanied by at least one identifier and associated data placed on the client via
commands sent to the client by the server or by related servers on earlier occasions;, said method
comprising:

scanning the data which is received from the client to identify, as invalid data, any
character string in the data that contains improper restricted characters;

determining the identifier associated with any data which is invalid; and

as part of a server response sent back to the client, including in the response a command
that causes only the invalid data, meaning character strings that include improper characters,
identified by the identifier to be neutralized;

wherein the detection and neutralization of the data is applied to one or more cookies
supplied by the server or by the related servers to the client.

2. (Currently amended) A method in accordance with claim 1, wherein the method
is applied to the detection and neutralization of one or more cookies each associated with data
and an identifier and supplied by the server or by related servers to clients, said method further
comprising:

when the data and the identifier associated with such a the one or more cookies are [[is]]
later returned by a particular client to the server and the data is found to contain invalid data,
then neutralizing the one or more cookies associated with invalid data and identified by the
associated identifier.



3. (Currently amended) A method in accordance with claim 1, wherein [[a]] the request for
services received from a client is accompanied by two or more separate identifiers and associated
data, and wherein the command or commands sent to the client as part of [[a]] the server response
to the client includes one or more commands each of which identifies by identifier the associated 
data that contains the identified invalid data which is to be neutralized, whereby other data 
associated with other identifiers and containing valid data are not neutralized. 

4. (Currently amended) A method in accordance with claim 1, wherein neutralization is 
carried out by sending to [[a]] the client a command that places on the client new data associated 
with an identifier found on the client associated with the data containing invalid data and a 
domain identifier of the server or of the related servers, the new data containing a null data 
string, whereby the new data displaces the erroneous data and thereby neutralizes the erroneous 
data. 

5. (Currently amended) A method in accordance with claim 1, wherein the data placed on 
the client via one or more commands sent to the client includes an expiration date, and wherein 
neutralization is accomplished by adjusting the expiration date to a value that neutralizes the 
identified invalid data through expiration shortly after the commands are received. 

12. (Currently amended) A computer program stored on a server containing instructions 
enabling it to cause [[a]] the server, when executing the computer program, to carry out the
method steps as in claim 1.

13. (Currently amended) A server-based system for detecting and neutralizing invalid server- 
supplied data received back from clients comprising: 

a server designed to communicate over a network with clients; 

a scanner that scans at least some requests for services flowing into the server coming 
from clients over the network and including a detector that can detect incoming identifiers and 
associated data returned to the server by [[the]] a client and originally placed on the client by the
server or by related servers on earlier occasions; 

a data integrity tester that tests the validity of such incoming server data by searching the 
data for improper restricted characters; and

Application/Control Number: 09/909,482
Art Unit: 2152

a message insertion command generator placed into operation when the data integrity
tester identifies invalid data, meaning data containing improper restricted characters, in such
incoming server data that causes the server, when transmitting a return message back to [[a]] the
client from which invalid data was received, to include within the return message at least one
command that causes the client to neutralize the invalid data, identified by the associated
identifier, without neutralizing other valid data;

wherein the detection and neutralization of the data is applied to one or more cookies 
supplied by the server or by the related servers to the client.

14. (Currently amended) A system in accordance with claim 13, wherein the system
is used to detect and neutralize one or more cookies supplied by the server or related servers to
clients on earlier occasions, said system further comprising: [[and]]

when the data and identifier associated with [[a]] the one or more cookies are later
returned to the server by a particular client and the data integrity tester identifies invalid data, 
then the at least one command sent back to the client by the message insertion command 
generator neutralizes the one or more cookies associated with such identifiers and invalid data. 

15. (Currently amended) A system in accordance with claim 13, wherein a request for 
services received from a client is accompanied by two or more separate identifiers and associated 
data, and wherein, if the data is found to be invalid, the at least one or more command or 
commands sent to the client by the message insertion command generator as part of a response to 
the client include at least one command which identifies by identifier the associated data that 
contains the identified invalid data which is to be neutralized, whereby other data associated with 
other identifiers and containing valid data are not neutralized. 

16. (Currently amended) A system in accordance with claim 13, wherein neutralization is 
carried out by the message insertion command generator sending to [[a]] the client a command
that places on the client new data associated with an identifier found on the client associated with 
the data containing invalid data and a domain identifier of the server or of the related servers, the 
new data containing a null data string, whereby the new data displaces the erroneous data and 
thereby neutralizes the erroneous data. 

17. (Currently amended) A system in accordance with claim 13, wherein the data placed on 
the client includes an expiration date, and wherein neutralization is accomplished by the at least 
one or more commands that adjust the expiration date to a value that neutralizes the identified 
invalid data through expiration shortly after the commands are received. 

19. (Currently amended) A system in accordance with claim 17, wherein the expiration date 
is set to a date equal to or earlier than the date when the at least one or more commands are sent 
back to the client. 
Allowable Subject Matter

4. Claims 1-24 are allowed. 

5. The following is an examiner's statement of reasons for allowance: In the prior art, when 
a cookie is corrupted, a new cookie is generated to replace the corrupted one since generating 
cookie is easy. However, none of prior art of record explicitly teaches or fairly suggests all of 
the limitation of the claimed invention, especially the limitation of scanning to detect invalid data 
of a cookie containing restricted characters to be neutralized, the restricted characters defined to 
be space, beginning bracket, end bracket, beginning curly brace, end curly brace, beginning 
parenthesis, end parenthesis, question mark, plus sign, colon, semi-colon, comma, equal sign, at 
sign, forward slash, backward slash, and quotation mark; using identifier to associate with the 
invalid data scanned and to neutralize the invalid cookies data supplied by servers to the client. 
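
Added illustration, not part of the Office action or the application: a short Python sketch of the flow the claims recite, scanning each returned cookie for the restricted characters listed above and answering with a null-valued, already-expired replacement for only the invalid ones (claims 3, 4 and 19). The function names, the token check on cookie names, the `Path=/` attribute, the `example.test` domain and the sample header are assumptions made for the example.

```python
import re
from datetime import datetime, timezone
from email.utils import format_datetime

# Restricted characters as enumerated in the statement of reasons for allowance.
RESTRICTED = set(' []{}()?+:;,=@/\\"')
# Assumption: only answer for names that are valid HTTP tokens, so a hostile
# cookie name can never be echoed into a response header.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Constructed sample Cookie request header (not from the application).
SAMPLE = 'session=abc123; prefs={"theme":"dark"}; lang=en-US; track=a b'


def parse_cookie_header(header):
    """Return (identifier, data) pairs exactly as the client sent them."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs.append((name, value))
    return pairs


def invalid_identifiers(header):
    """Identifiers whose data contains at least one restricted character."""
    return [n for n, v in parse_cookie_header(header) if RESTRICTED & set(v)]


def neutralizing_headers(header, domain, now=None):
    """One Set-Cookie per invalid cookie: null value, expiry equal to send time."""
    now = now or datetime.now(timezone.utc)
    expires = format_datetime(now, usegmt=True)
    return [
        f"Set-Cookie: {name}=; Domain={domain}; Path=/; Expires={expires}"
        for name in invalid_identifiers(header)
        if TOKEN.match(name)
    ]


if __name__ == "__main__":
    for line in neutralizing_headers(SAMPLE, "example.test"):
        print(line)
```

Because the Cookie header is split on `;` before scanning, a semicolon inside a value surfaces as a truncated value rather than as a match. A replacement cookie only displaces the original when its domain and path match those the original was set with.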

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kenny Lin whose telephone number is (571) 272-3968. The 
examiner can normally be reached on 8 AM to 5 PM Tue.-Fri. and every other Monday. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Bunjob Jaroenchonwanit can be reached on (571) 272-3913. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



ksl 

July 25, 2006 




